Update descriptions of env_keep and env_check to match current reality.
This commit is contained in:
Todd C. Miller
60
sudoers.pod
60
sudoers.pod
@@ -417,13 +417,15 @@ This flag is I<off> by default.
|
|||||||
|
|
||||||
=item set_logname
|
=item set_logname
|
||||||
|
|
||||||
Normally, B<sudo> will set the C<LOGNAME> and C<USER> environment variables
|
Normally, B<sudo> will set the C<LOGNAME>, C<USER> and C<USERNAME>
|
||||||
to the name of the target user (usually root unless the B<-u> flag is given).
|
environment variables to the name of the target user (usually root
|
||||||
However, since some programs (including the RCS revision control system)
|
unless the B<-u> flag is given). However, since some programs
|
||||||
use C<LOGNAME> to determine the real identity of the user, it may be desirable
|
(including the RCS revision control system) use C<LOGNAME> to
|
||||||
to change this behavior. This can be done by negating the set_logname option.
|
determine the real identity of the user, it may be desirable to
|
||||||
Note that if the I<env_reset> option has not been disabled, entries in
|
change this behavior. This can be done by negating the set_logname
|
||||||
the I<env_keep> list will override the value of I<set_logname>.
|
option. Note that if the I<env_reset> option has not been disabled,
|
||||||
|
entries in the I<env_keep> list will override the value of
|
||||||
|
I<set_logname>.
|
||||||
|
|
||||||
=item stay_setuid
|
=item stay_setuid
|
||||||
|
|
||||||
@@ -439,14 +441,12 @@ function.
|
|||||||
=item env_reset
|
=item env_reset
|
||||||
|
|
||||||
If set, B<sudo> will reset the environment to only contain the
|
If set, B<sudo> will reset the environment to only contain the
|
||||||
following variables: C<DISPLAY>, C<HOME>, C<LOGNAME>, C<PATH>,
|
LOGNAME, SHELL, USER, USERNAME and the C<SUDO_*> variables. Any
|
||||||
C<SHELL>, C<TERM>, C<TZ> and C<USER> (in addition to the C<SUDO_*>
|
variables in the caller's environment that match the C<env_keep>
|
||||||
variables). Of these, only C<DISPLAY>, C<PATH>, C<TZ> and C<TERM>
|
and C<env_check> lists are then added. The default contents of the
|
||||||
are copied unaltered from the old environment. The other variables
|
C<env_keep> and C<env_check> lists are displayed when B<sudo> is
|
||||||
are set to default values (possibly modified by the value of the
|
run by root with the I<-V> option. If the I<secure_path> option
|
||||||
I<set_logname> option). If the I<secure_path> option is set, its
|
is set, its -value will be used for the C<PATH> environment variable.
|
||||||
value will be used for the C<PATH> environment variable. Other
|
|
||||||
variables may be preserved via the I<env_keep> option.
|
|
||||||
This flag is I<on> by default.
|
This flag is I<on> by default.
|
||||||
|
|
||||||
=item use_loginclass
|
=item use_loginclass
|
||||||
@@ -623,7 +623,7 @@ Defaults to C<@badpri@>.
|
|||||||
|
|
||||||
A colon (':') separated list of editors allowed to be used with
|
A colon (':') separated list of editors allowed to be used with
|
||||||
B<visudo>. B<visudo> will choose the editor that matches the user's
|
B<visudo>. B<visudo> will choose the editor that matches the user's
|
||||||
USER environment variable if possible, or the first editor in the
|
EDITOR environment variable if possible, or the first editor in the
|
||||||
list that exists and is executable. The default is the path to vi
|
list that exists and is executable. The default is the path to vi
|
||||||
on your system.
|
on your system.
|
||||||
|
|
||||||
@@ -785,9 +785,12 @@ be used to guard against printf-style format vulnerabilities in
|
|||||||
poorly-written programs. The argument may be a double-quoted,
|
poorly-written programs. The argument may be a double-quoted,
|
||||||
space-separated list or a single value without double-quotes. The
|
space-separated list or a single value without double-quotes. The
|
||||||
list can be replaced, added to, deleted from, or disabled by using
|
list can be replaced, added to, deleted from, or disabled by using
|
||||||
the C<=>, C<+=>, C<-=>, and C<!> operators respectively. The default
|
the C<=>, C<+=>, C<-=>, and C<!> operators respectively. Regardless
|
||||||
list of environment variables to check is printed when B<sudo> is
|
of whether the C<env_reset> option is enabled or disabled, variables
|
||||||
run by root with the I<-V> option.
|
specified by C<env_check> will be preserved in the environment if
|
||||||
|
they pass the aforementioned check. The default list of environment
|
||||||
|
variables to check is displayed when B<sudo> is run by root with
|
||||||
|
the I<-V> option.
|
||||||
|
|
||||||
=item env_delete
|
=item env_delete
|
||||||
|
|
||||||
@@ -796,7 +799,7 @@ The argument may be a double-quoted, space-separated list or a
|
|||||||
single value without double-quotes. The list can be replaced, added
|
single value without double-quotes. The list can be replaced, added
|
||||||
to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and
|
to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and
|
||||||
C<!> operators respectively. The default list of environment
|
C<!> operators respectively. The default list of environment
|
||||||
variables to remove is printed when B<sudo> is run by root with the
|
variables to remove is displayed when B<sudo> is run by root with the
|
||||||
I<-V> option. Note that many operating systems will remove potentially
|
I<-V> option. Note that many operating systems will remove potentially
|
||||||
dangerous variables from the environment of any setuid process (such
|
dangerous variables from the environment of any setuid process (such
|
||||||
as B<sudo>).
|
as B<sudo>).
|
||||||
@@ -809,7 +812,8 @@ control over the environment B<sudo>-spawned processes will receive.
|
|||||||
The argument may be a double-quoted, space-separated list or a
|
The argument may be a double-quoted, space-separated list or a
|
||||||
single value without double-quotes. The list can be replaced, added
|
single value without double-quotes. The list can be replaced, added
|
||||||
to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and
|
to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and
|
||||||
C<!> operators respectively. This list has no default members.
|
C<!> operators respectively. The default list of variables to keep
|
||||||
|
is displayed when B<sudo> is run by root with the I<-V> option.
|
||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
@@ -1090,13 +1094,13 @@ Here we override some of the compiled in default values. We want
|
|||||||
B<sudo> to log via L<syslog(3)> using the I<auth> facility in all
|
B<sudo> to log via L<syslog(3)> using the I<auth> facility in all
|
||||||
cases. We don't want to subject the full time staff to the B<sudo>
|
cases. We don't want to subject the full time staff to the B<sudo>
|
||||||
lecture, user B<millert> need not give a password, and we don't
|
lecture, user B<millert> need not give a password, and we don't
|
||||||
want to reset the C<LOGNAME> or C<USER> environment variables when
|
want to reset the C<LOGNAME>, C<USER> or C<USERNAME> environment
|
||||||
running commands as root. Additionally, on the machines in the
|
variables when running commands as root. Additionally, on the
|
||||||
I<SERVERS> C<Host_Alias>, we keep an additional local log file and
|
machines in the I<SERVERS> C<Host_Alias>, we keep an additional
|
||||||
make sure we log the year in each log line since the log entries
|
local log file and make sure we log the year in each log line since
|
||||||
will be kept around for several years. Lastly, we disable shell
|
the log entries will be kept around for several years. Lastly, we
|
||||||
escapes for the commands in the PAGERS C<Cmnd_Alias> (/usr/bin/more,
|
disable shell escapes for the commands in the PAGERS C<Cmnd_Alias>
|
||||||
/usr/bin/pg and /usr/bin/less).
|
(/usr/bin/more, /usr/bin/pg and /usr/bin/less).
|
||||||
|
|
||||||
# Override built-in defaults
|
# Override built-in defaults
|
||||||
Defaults syslog=auth
|
Defaults syslog=auth
|
||||||
|
|||||||
Reference in New Issue
Block a user